author | Cyrille Bagard <nocbos@gmail.com> | 2023-09-12 20:03:16 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-09-12 20:03:16 (GMT) |
commit | 4875f28a2d1a44d6ddc860b51a78ad9800a95de7 (patch) | |
tree | 1dd9a08f012aadec9452e9862641c970eb109895 /src/analysis/scan/rule.c | |
parent | eddea5535071c775ea2efc543a88adbc775318d0 (diff) |
Count matches from a set of patterns.
Diffstat (limited to 'src/analysis/scan/rule.c')
-rw-r--r-- | src/analysis/scan/rule.c | 107 |
1 files changed, 106 insertions, 1 deletions
diff --git a/src/analysis/scan/rule.c b/src/analysis/scan/rule.c
index 1d68b80..7719e8a 100644
--- a/src/analysis/scan/rule.c
+++ b/src/analysis/scan/rule.c
@@ -25,12 +25,15 @@
 #include <assert.h>
-#include <strings.h>
+#include <regex.h>
+#include <string.h>
 #include "rule-int.h"
 #include "matches/bytes.h"
 #include "patterns/token.h"
+#include "../../common/extstr.h"
+#include "../../core/logs.h"
@@ -276,6 +279,108 @@ GSearchPattern *g_scan_rule_get_local_variable(GScanRule *rule, const char *targ
 /******************************************************************************
 * *
+* Paramètres : rule = règle de détection à consulter. *
+* target = nom d'une variable locale à retrouver. *
+* count = quantité de motifs renvoyés. [OUT] *
+* *
+* Description : Fournit une liste de variables locales à partir d'un nom. *
+* *
+* Retour : Motifs de détection retrouvés ou NULL en cas d'échec. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GSearchPattern **g_scan_rule_get_local_variables(GScanRule *rule, const char *target, size_t *count)
+{
+ GSearchPattern **result; /* Variables à retourner */
+ size_t i; /* Boucle de parcours */
+ char *regex; /* Définition complète */
+ regex_t preg; /* Expression compilée */
+ int ret; /* Bilan d'un appel */
+ const char *name; /* Désignation d'un motif */
+
+ result = NULL;
+
+ *count = 0;
+
+ /* Premier cas de figure : la liste complète est attendue */
+
+ if (target == NULL)
+ {
+ *count = rule->bytes_used;
+ result = malloc(*count * sizeof(GSearchPattern *));
+
+ for (i = 0; i < rule->bytes_used; i++)
+ {
+ result[i] = rule->bytes_locals[i];
+ g_object_ref(G_OBJECT(result[i]));
+ }
+
+ }
+
+ /* Second cas de figure : une expression régulière est vraisemblablement de mise */
+
+ else
+ {
+ regex = strdup(target);
+
+ regex = strrpl(regex, "*", ".*");
+ regex = strprep(regex, "^");
+ regex = stradd(regex, "$");
+
+ printf("regex: %s\n", regex);
+
+ ret = regcomp(&preg, regex, REG_NOSUB);
+
+ if (ret != 0)
+ {
+ LOG_ERROR_REGCOMP(&preg, ret);
+ goto done;
+ }
+
+ result = malloc(rule->bytes_used * sizeof(GSearchPattern *));
+
+ for (i = 0; i < rule->bytes_used; i++)
+ {
+ name = g_search_pattern_get_name(rule->bytes_locals[i]);
+
+ ret = regexec(&preg, name, 0, NULL, 0);
+
+ if (ret != REG_NOMATCH)
+ {
+ result[*count] = rule->bytes_locals[i];
+ g_object_ref(G_OBJECT(result[*count]));
+
+ (*count)++;
+
+ }
+
+ }
+
+ printf(" ==> found: %zu patterns for '%s'\n", *count, target);
+
+ if (*count == 0)
+ {
+ free(result);
+ result = NULL;
+ }
+
+ regfree(&preg);
+
+ done:
+
+ free(regex);
+
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
 * Paramètres : rule = règle de détection à compléter. *
 * expr = expression de condition à satisfaire. *
 * * |
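Review bot: In the wildcard branch of g_scan_rule_get_local_variables(), `if (ret != REG_NOMATCH)` treats every regexec() failure as a match, so an error return such as REG_ESPACE adds the pattern to the result; the test should be `if (ret == 0)`. Both `malloc()` calls and the `strdup()` are used without a NULL check, so an allocation failure is dereferenced in the loop or string helper that follows; the function should return NULL with `*count` left at 0 in that case. Only `*` is translated before `regcomp()`, so any other regex metacharacter in `target` keeps its meaning; if the rule grammar does not already restrict the name (not visible in this hunk), escape those characters or document the accepted syntax in the header comment. The two `printf()` traces look like debugging leftovers and should go through the project's log macros or be removed. The header comment should also state that the caller owns the returned array and one reference on each element.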